Vulnerabilities > Misp > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-09 | CVE-2024-25674 | Unrestricted Upload of File with Dangerous Type vulnerability in Misp An issue was discovered in MISP before 2.4.184. | 9.8 |
2024-02-09 | CVE-2024-25675 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.184. | 9.8 |
2023-12-15 | CVE-2023-50918 | Unspecified vulnerability in Misp app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | 9.8 |
2023-02-20 | CVE-2022-48328 | Improper Handling of Exceptional Conditions vulnerability in Misp app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | 9.8 |
2023-02-20 | CVE-2022-48329 | Improper Handling of Exceptional Conditions vulnerability in Misp MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | 9.8 |
2022-04-20 | CVE-2022-29528 | Deserialization of Untrusted Data vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 9.8 |
2021-09-17 | CVE-2021-41326 | Unspecified vulnerability in Misp In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. | 9.8 |
2018-12-06 | CVE-2018-19908 | OS Command Injection vulnerability in Misp An issue was discovered in MISP 2.4.9x before 2.4.99. | 9.0 |
2018-02-12 | CVE-2018-6926 | OS Command Injection vulnerability in Misp 2.4.87 In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. | 9.0 |